head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.8 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.6 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.4 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.2 pkgsrc-2011Q2-base:1.2 pkgsrc-2010Q4:1.1.0.8 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.6 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.4 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.2 pkgsrc-2010Q1-base:1.1; locks; strict; comment @# @; 1.2 date 2011.03.22.23.31.05; author tez; state dead; branches; next 1.1; 1.1 date 2010.02.24.19.07.51; author tez; state Exp; branches; next ; desc @@ 1.2 log @Update MIT Kerberos to v1.8.3 with the latest security patches up to and including MITKRB5-SA-2011-003. Please see http://web.mit.edu/kerberos/ for the change logs since v1.4.2 Note that the r-services, telnetd and ftpd services and the related client applications are now in a separate package security/mit-krb5-appl. @ text @$NetBSD: patch-bu,v 1.1 2010/02/24 19:07:51 tez Exp $ --- lib/crypto/raw/raw_decrypt.c.orig 2004-02-18 20:46:30.000000000 -0600 +++ lib/crypto/raw/raw_decrypt.c 2010-02-23 17:43:53.638863200 -0600 @@@@ -34,5 +34,7 @@@@ const krb5_data *ivec, const krb5_data *input, krb5_data *output) { + if (output->length < input->length) + return KRB5_BAD_MSIZE; return((*(enc->decrypt))(key, ivec, input, output)); } @ 1.1 log @Fix CVE-2009-4212 (MITKRB5-SA-2009-004) using patches from http://web.mit.edu/kerberos/advisories/2009-004-patch_1.6.3.txt (slightly adjusted for older kerberos version) @ text @d1 1 a1 1 $NetBSD$ @
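Review bot: The length guard added at the top of the function body in lib/crypto/raw/raw_decrypt.c has no comment explaining why an output buffer shorter than the input is rejected, and the patch header itself names no advisory; only the RCS log for revision 1.1 ties it to CVE-2009-4212 (MITKRB5-SA-2009-004). A short comment above `if (output->length < input->length)` stating the assumption behind it (that the decrypt callback may write up to input->length bytes into output) and citing the advisory would keep the intent attached to the code. The guard also compares only the two length fields: nothing visible in this hunk checks that `output->data` is non-NULL or that `input->length` is a whole number of cipher blocks, so it is worth confirming that `enc->decrypt` or the callers enforce both rather than relying on this check alone.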